- Fix sandbox copyfile when copying a dir with a socket, print error
parent
0f1eb5c333
commit
cf96c73364
@ -5783,8 +5783,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
|
|||||||
+</glade-project>
|
+</glade-project>
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.83/gui/polgengui.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.83/gui/polgengui.py
|
||||||
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.83/gui/polgengui.py 2010-08-05 17:40:33.000000000 -0400
|
+++ policycoreutils-2.0.83/gui/polgengui.py 2010-09-10 11:45:24.000000000 -0400
|
||||||
@@ -0,0 +1,650 @@
|
@@ -0,0 +1,657 @@
|
||||||
+#!/usr/bin/python -Es
|
+#!/usr/bin/python -Es
|
||||||
+#
|
+#
|
||||||
+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
|
+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
|
||||||
@ -5878,8 +5878,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+
|
+
|
||||||
+ def __init__(self):
|
+ def __init__(self):
|
||||||
+ self.xml = xml
|
+ self.xml = xml
|
||||||
+ self.all_types=polgen.get_all_types()
|
+ try:
|
||||||
+ self.all_modules=polgen.get_all_modules()
|
+ self.all_types = polgen.get_all_types()
|
||||||
|
+ self.all_modules = polgen.get_all_modules()
|
||||||
|
+ self.all_roles = polgen.get_all_roles()
|
||||||
|
+ self.all_users = polgen.get_all_users()
|
||||||
|
+ except RuntimeError, e:
|
||||||
|
+ self.all_types = []
|
||||||
|
+ self.all_modules = []
|
||||||
|
+ self.all_roles = []
|
||||||
|
+ self.all_users = []
|
||||||
|
+ self.error(str(e))
|
||||||
|
+
|
||||||
+ self.name=""
|
+ self.name=""
|
||||||
+ xml.signal_connect("on_delete_clicked", self.delete)
|
+ xml.signal_connect("on_delete_clicked", self.delete)
|
||||||
+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
|
+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
|
||||||
@ -5970,13 +5980,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
|
+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
|
||||||
+ self.existing_user_treeview.append_column(col)
|
+ self.existing_user_treeview.append_column(col)
|
||||||
+
|
+
|
||||||
+ roles = polgen.get_all_roles()
|
+ for i in self.all_roles:
|
||||||
+ for i in roles:
|
|
||||||
+ iter = self.role_store.append()
|
+ iter = self.role_store.append()
|
||||||
+ self.role_store.set_value(iter, 0, i[:-2])
|
+ self.role_store.set_value(iter, 0, i[:-2])
|
||||||
+
|
+
|
||||||
+ self.types = polgen.get_all_types()
|
|
||||||
+
|
|
||||||
+ self.transition_treeview = self.xml.get_widget("transition_treeview")
|
+ self.transition_treeview = self.xml.get_widget("transition_treeview")
|
||||||
+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
|
+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
|
||||||
+ self.transition_treeview.set_model(self.transition_store)
|
+ self.transition_treeview.set_model(self.transition_store)
|
||||||
@ -5993,7 +6000,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
|
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
|
||||||
+ self.user_transition_treeview.append_column(col)
|
+ self.user_transition_treeview.append_column(col)
|
||||||
+
|
+
|
||||||
+ for i in polgen.get_all_users():
|
+ for i in self.all_users:
|
||||||
+ iter = self.user_transition_store.append()
|
+ iter = self.user_transition_store.append()
|
||||||
+ self.user_transition_store.set_value(iter, 0, i[:-2])
|
+ self.user_transition_store.set_value(iter, 0, i[:-2])
|
||||||
+ iter = self.existing_user_store.append()
|
+ iter = self.existing_user_store.append()
|
||||||
@ -6010,7 +6017,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ for i in polgen.methods:
|
+ for i in polgen.methods:
|
||||||
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
|
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
|
||||||
+ if len(m) > 0:
|
+ if len(m) > 0:
|
||||||
+ if "%s_exec_t" % m[0] in self.types:
|
+ if "%s_exec_t" % m[0] in self.all_types:
|
||||||
+ iter = self.transition_store.append()
|
+ iter = self.transition_store.append()
|
||||||
+ self.transition_store.set_value(iter, 0, m[0])
|
+ self.transition_store.set_value(iter, 0, m[0])
|
||||||
+ continue
|
+ continue
|
||||||
@ -6437,8 +6444,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.83/gui/polgen.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.83/gui/polgen.py
|
||||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.83/gui/polgen.py 2010-08-05 17:40:15.000000000 -0400
|
+++ policycoreutils-2.0.83/gui/polgen.py 2010-09-10 11:45:43.000000000 -0400
|
||||||
@@ -0,0 +1,1309 @@
|
@@ -0,0 +1,1318 @@
|
||||||
+#!/usr/bin/python -Es
|
+#!/usr/bin/python -Es
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2007-2010 Red Hat
|
+# Copyright (C) 2007-2010 Red Hat
|
||||||
@ -6638,6 +6645,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.ports = get_all_ports()
|
+ self.ports = get_all_ports()
|
||||||
+ except ValueError, e:
|
+ except ValueError, e:
|
||||||
+ print "Can not get port types, must be root for this information"
|
+ print "Can not get port types, must be root for this information"
|
||||||
|
+ except RuntimeError, e:
|
||||||
|
+ print "Can not get port types", e
|
||||||
+
|
+
|
||||||
+ self.symbols = {}
|
+ self.symbols = {}
|
||||||
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
||||||
@ -6786,7 +6795,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.transition_domains = []
|
+ self.transition_domains = []
|
||||||
+ self.transition_users = []
|
+ self.transition_users = []
|
||||||
+ self.roles = []
|
+ self.roles = []
|
||||||
+ self.all_roles = get_all_roles()
|
|
||||||
+
|
+
|
||||||
+ def __isnetset(self, l):
|
+ def __isnetset(self, l):
|
||||||
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
|
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
|
||||||
@ -7157,10 +7165,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
|
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
|
||||||
+ newte += re.sub("APPLICATION", app, tmp)
|
+ newte += re.sub("APPLICATION", app, tmp)
|
||||||
+
|
+
|
||||||
|
+ all_roles = []
|
||||||
|
+ try:
|
||||||
|
+ all_roles = get_all_roles()
|
||||||
|
+ except ValueError, e:
|
||||||
|
+ print "Can not get all roles, must be root for this information"
|
||||||
|
+ except RuntimeError, e:
|
||||||
|
+ print "Can not get all roles", e
|
||||||
|
+
|
||||||
+ for u in self.transition_users:
|
+ for u in self.transition_users:
|
||||||
+ role = u.split("_u")[0]
|
+ role = u.split("_u")[0]
|
||||||
+
|
+
|
||||||
+ if (role + "_r") in self.all_roles:
|
+ if (role + "_r") in all_roles:
|
||||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
|
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
|
||||||
+ newte += re.sub("USER", role, tmp)
|
+ newte += re.sub("USER", role, tmp)
|
||||||
+
|
+
|
||||||
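Review bot: In the polgen.py hunk that builds `newte` for `self.transition_users`, a failed `get_all_roles()` leaves `all_roles` empty, so `(role + "_r") in all_roles` is false for every user and the `te_admin_trans_rules` text is left out of the generated policy with only a `print` to report it. When the generator is driven from polgengui, that message presumably goes to a terminal the user may never see, so the module looks complete while the admin transition rules are missing. I would record the omission in the output itself, for example `newte += "# admin transition rules omitted: role list unavailable\n"` in both `except` branches, or surface it to the GUI the way the `__init__` hunk does with `self.error(str(e))`. The `get_all_ports()` hunk uses the same print-only handling, and the enclosing functions start and end outside the hunks shown.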
|
@ -1647,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
@python test_sandbox.py -v
|
@python test_sandbox.py -v
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
|
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
|
||||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-09-09 16:28:25.000000000 -0400
|
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-09-13 11:40:20.000000000 -0400
|
||||||
@@ -1,5 +1,6 @@
|
@@ -1,5 +1,6 @@
|
||||||
-#! /usr/bin/python -E
|
-#! /usr/bin/python -E
|
||||||
+#! /usr/bin/python -Es
|
+#! /usr/bin/python -Es
|
||||||
@ -1704,16 +1704,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
if not os.path.exists(newdir):
|
if not os.path.exists(newdir):
|
||||||
os.makedirs(newdir)
|
os.makedirs(newdir)
|
||||||
dest = newdir + "/" + bname
|
dest = newdir + "/" + bname
|
||||||
@@ -83,7 +87,7 @@
|
@@ -81,9 +85,10 @@
|
||||||
|
shutil.copytree(file, dest)
|
||||||
|
else:
|
||||||
shutil.copy2(file, dest)
|
shutil.copy2(file, dest)
|
||||||
|
+
|
||||||
except shutil.Error, elist:
|
except shutil.Error, elist:
|
||||||
for e in elist:
|
- for e in elist:
|
||||||
- sys.stderr.write(e[1])
|
- sys.stderr.write(e[1])
|
||||||
+ sys.stderr.write(str(e[1]))
|
+ for e in elist.message:
|
||||||
|
+ sys.stderr.write(e[2])
|
||||||
|
|
||||||
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
||||||
|
|
||||||
@@ -161,10 +165,10 @@
|
@@ -161,10 +166,10 @@
|
||||||
if not self.__options.homedir or not self.__options.tmpdir:
|
if not self.__options.homedir or not self.__options.tmpdir:
|
||||||
self.usage(_("Homedir and tempdir required for level mounts"))
|
self.usage(_("Homedir and tempdir required for level mounts"))
|
||||||
|
|
||||||
@ -1727,7 +1731,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
def __mount_callback(self, option, opt, value, parser):
|
def __mount_callback(self, option, opt, value, parser):
|
||||||
self.__mount = True
|
self.__mount = True
|
||||||
@@ -172,6 +176,15 @@
|
@@ -172,6 +177,15 @@
|
||||||
def __x_callback(self, option, opt, value, parser):
|
def __x_callback(self, option, opt, value, parser):
|
||||||
self.__mount = True
|
self.__mount = True
|
||||||
setattr(parser.values, option.dest, True)
|
setattr(parser.values, option.dest, True)
|
||||||
@ -1743,7 +1747,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
def __validdir(self, option, opt, value, parser):
|
def __validdir(self, option, opt, value, parser):
|
||||||
if not os.path.isdir(value):
|
if not os.path.isdir(value):
|
||||||
@@ -218,7 +231,7 @@
|
@@ -218,7 +232,7 @@
|
||||||
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
||||||
%s &
|
%s &
|
||||||
WM_PID=$!
|
WM_PID=$!
|
||||||
@ -1752,7 +1756,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
kill -TERM $WM_PID 2> /dev/null
|
kill -TERM $WM_PID 2> /dev/null
|
||||||
""" % (command, wm, command))
|
""" % (command, wm, command))
|
||||||
fd.close()
|
fd.close()
|
||||||
@@ -230,9 +243,9 @@
|
@@ -230,9 +244,9 @@
|
||||||
def __parse_options(self):
|
def __parse_options(self):
|
||||||
from optparse import OptionParser
|
from optparse import OptionParser
|
||||||
usage = _("""
|
usage = _("""
|
||||||
@ -1764,7 +1768,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
""")
|
""")
|
||||||
|
|
||||||
parser = OptionParser(version=self.VERSION, usage=usage)
|
parser = OptionParser(version=self.VERSION, usage=usage)
|
||||||
@@ -268,6 +281,10 @@
|
@@ -268,6 +282,10 @@
|
||||||
action="callback", callback=self.__validdir,
|
action="callback", callback=self.__validdir,
|
||||||
help=_("alternate /tmp directory to use for mounting"))
|
help=_("alternate /tmp directory to use for mounting"))
|
||||||
|
|
||||||
@ -1775,7 +1779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||||
type="string",
|
type="string",
|
||||||
default="/usr/bin/matchbox-window-manager -use_titlebar no",
|
default="/usr/bin/matchbox-window-manager -use_titlebar no",
|
||||||
@@ -276,13 +293,17 @@
|
@@ -276,13 +294,17 @@
|
||||||
parser.add_option("-l", "--level", dest="level",
|
parser.add_option("-l", "--level", dest="level",
|
||||||
help=_("MCS/MLS level for the sandbox"))
|
help=_("MCS/MLS level for the sandbox"))
|
||||||
|
|
||||||
@ -1794,7 +1798,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
if self.__options.setype:
|
if self.__options.setype:
|
||||||
self.setype = self.__options.setype
|
self.setype = self.__options.setype
|
||||||
|
|
||||||
@@ -299,6 +320,9 @@
|
@@ -299,6 +321,9 @@
|
||||||
self.__options.X_ind = True
|
self.__options.X_ind = True
|
||||||
self.__homedir = self.__options.homedir
|
self.__homedir = self.__options.homedir
|
||||||
self.__tmpdir = self.__options.tmpdir
|
self.__tmpdir = self.__options.tmpdir
|
||||||
@ -1804,7 +1808,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||||||
else:
|
else:
|
||||||
if len(cmds) == 0:
|
if len(cmds) == 0:
|
||||||
self.usage(_("Command required"))
|
self.usage(_("Command required"))
|
||||||
@@ -351,22 +375,24 @@
|
@@ -351,22 +376,24 @@
|
||||||
|
|
||||||
def __execute(self):
|
def __execute(self):
|
||||||
try:
|
try:
|
||||||
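Review bot: In the sandbox copyfile hunk, the new `except shutil.Error` loop writes only `e[2]`, the reason text, with no newline and without the path in `e[0]`, so several failures run together on stderr and the user cannot tell which file was left out of the sandbox copy. The loop also reads the list through `elist.message`, which is deprecated since Python 2.6; `elist.args[0]` holds the same list when the exception carries a single argument. Suggested: `for src, dst, why in elist.args[0]:` followed by `sys.stderr.write("%s: %s\n" % (src, why))`. Indentation is lost in this rendering, but if `SAVE_FILES[file] = (dest, os.path.getmtime(dest))` still runs after a failed copy, `getmtime` raises `OSError` when `dest` was never created, so that path deserves a check. The function starts and ends outside the hunk.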
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.83
|
Version: 2.0.83
|
||||||
Release: 25%{?dist}
|
Release: 27%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -315,7 +315,13 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Sep 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
|
* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-27
|
||||||
|
- Fix sandbox copyfile when copying a dir with a socket, print error
|
||||||
|
|
||||||
|
* Fri Sep 10 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-26
|
||||||
|
- Stop polgengui from crashing if selinux policy is not installed
|
||||||
|
|
||||||
|
* Thu Sep 9 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
|
||||||
- Fix bug preventing sandbox from using -l
|
- Fix bug preventing sandbox from using -l
|
||||||
|
|
||||||
* Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24
|
* Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24
|
||||||
|